Cybersecurity

Mobsters now overlap with cybercrime gangs and use AI for evil, Europol warns

PLUS: Russian bug-buyers seeks Telegram flaws; Another WordPress security mess; NIST backlog grows; and more! Infosec In Brief  Organized crime networks are now reliant on digital tech for most of their activities according to Europol, the European agency that fights international crime on the continent and beyond.…

Ex-NSA boss: Election security focus helped dissuade increase in Russian meddling with US

Plus AI in the infosec world, why CISA should know its place, and more Interview  Russia appears to be having second thoughts on how aggressively, or at least how visibly, it attempts to influence American elections, according to a former head of the NSA.…

AdTech CEO whose products detected fraud jailed for financial fraud

Made up revenue and pretended to use non-existent data The former CEO of Kubient, an advertising tech company that developed a cloudy product capable of detecting fraudulent ads, has been jailed for fraud.…

Paragon spyware deployed against journalists and activists, Citizen Lab claims

Plus: Customer info stolen from 'parental control' software slinger SpyX; F-35 kill switch denied Infosec newsbytes  Israeli spyware maker Paragon Solutions pitches its tools as helping governments and law enforcement agencies to catch criminals and terrorists, but a fresh Citizen Lab report claims its software has been used…

Capital One cracker could be sent back to prison after judges rule she got off too lightly

Feds want book thrown at Paige Thompson, who pinched 100M customer records Paige Thompson, the perpetrator of the Capital One data theft, may be sent back behind bars – after an appeals court ruled her sentence of time served plus five years of probation was too lenient.…

Dept of Defense engineer took home top-secret docs, booked a fishing trip to Mexico – then the FBI showed up

So much for that vacation A US Department of Defense electrical engineer has turned his world upside down after printing 155 pages from 20 documents, all of which were marked top secret and classified, from his DoD workspace, brought them home with him – and was collared on…

Infoseccers criticize Veeam over critical RCE vulnerability and a failing blacklist

Palming off the blame using an ‘unknown’ best practice didn’t go down well either In patching the latest critical remote code execution (RCE) bug in Backup and Replication, software shop Veeam is attracting criticism from researchers for the way it handles uncontrolled deserialization vulnerabilities.…

Too many software supply chain defense bibles? Boffins distill advice

How to avoid another SolarWinds, Log4j, and XZ Utils situation Organizations concerned about software supply chain attacks should focus on role-based access control, system monitoring, and boundary protection, according to a new preprint paper on the topic.…

The post-quantum cryptography apocalypse will be televised in 10 years, says UK’s NCSC

Wow, a government project that could be on time for once ... cos it's gonna be wayyyy more than a decade The UK's National Cyber Security Centre (NCSC) today started the post-quantum cryptography (PQC) countdown clock by claiming organizations have ten years to migrate to a safer future.…

Attackers swipe data of 500k+ people from Pennsylvania teachers union

SSNs, payment details, and health info too The Pennsylvania State Education Association (PSEA) says a July 2024 "security incident" exposed sensitive personal data on more than half a million individuals, including financial and health info.…

Copyright © 2024 Lugapel